Seam Security 3.0.0 Alpha1 released| JBoss.org Content Archive (Read Only)

1. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 22, 2011 12:00 AM (in response to shane.bryzak)

This version still depends on weld-extension instead of seam Solder, therefore it does not work with other modules (such as seam persistence) if you deploy both. I wonder when the first release of seam 3 (such as RC) will be ready. We really need seam security module.

2. Re: Seam Security 3.0.0 Alpha1 released

mausbull.stephan.pabinger.gmail.com Jan 23, 2011 1:15 AM (in response to shane.bryzak)

There is already a version out that depends on Seam Solder (Alpha2).
See: http://in.relation.to/Bloggers/Seam3ModulesStockingStufferRelease

Best regards,
Stephan

3. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 24, 2011 11:35 AM (in response to shane.bryzak)

Even Alpha2 shows up on the seam 3 download page, I could not find its artifacts when including this module's dependency in my pom.

4. Re: Seam Security 3.0.0 Alpha1 released

shane.bryzak Jan 24, 2011 6:17 PM (in response to shane.bryzak)

They are in the JBoss Maven repository:

https://repository.jboss.org/nexus/content/groups/public/org/jboss/seam/security/seam-security-api/3.0.0.Alpha2/
https://repository.jboss.org/nexus/content/groups/public/org/jboss/seam/security/seam-security-impl/3.0.0.Alpha2/

5. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 26, 2011 11:24 AM (in response to shane.bryzak)

OK. This jboss repo works.
Now another problem: http://seamframework.org/Seam3/Documentation
the document link for security modules leads to that for servlet module.
Where can I find the doc for seam security?
Thanks.

6. Re: Seam Security 3.0.0 Alpha1 released

lightguard Jan 26, 2011 1:44 PM (in response to shane.bryzak)

IIRC, Shane said docs for security are due in a later release. They have to be completely rewritten from scratch.

7. Re: Seam Security 3.0.0 Alpha1 released

shane.bryzak Jan 26, 2011 3:24 PM (in response to shane.bryzak)

That's right, we decided to hold off on the docs until the CR release as many things (including APIs) are still being changed. You can probably refer to the Seam 2.2 docs for the time being for a rough understanding of the concepts, as most of the same core features are described there.

8. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 26, 2011 5:22 PM (in response to shane.bryzak)

I have a loginservice like this: public class LoginService implements Authenticator { @Inject Credentials credentials; @Inject Logger log; public boolean authenticate() { // authentication logic here log.info("authenticate is called in LoginService"); log.info("userID="+credentials.getUsername()); return true; // if authentication successful } } login.xhtml: <h:form id="loginForm" rendered="#{not identity.loggedIn}"> <h:messages id="messages" globalOnly="true" /> <div class="loginRow"><h:outputLabel for="name" value="Username" styleClass="loginLabel" /> <h:inputText id="name" value="#{credentials.username}" /></div> <div class="loginRow"><h:outputLabel for="password" value="Password" styleClass="loginLabel" /> <h:inputSecret id="password" value="#{credentials.password}" redisplay="true" /></div> <div class="loginRow"></div> <div class="buttons"><h:commandButton id="login" value="LOGIN" action="#{identity.login}" styleClass="loginButton" /></div>

But the credentials have the username as null (it seems like a proxy object). Do you know what I may have missed? I am using alpha2.

9. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 26, 2011 5:35 PM (in response to shane.bryzak)

Actually I got an error:
Login failed for: Credentials[a]: java.lang.IllegalArgumentException: stream cannot be null
I did not define seam-beans.xml. I don't have anything in faces-config.xml which is related to security. Do I have to config something there?

Sorry for the previous format. The code is like this:

public class LoginService implements Authenticator {

    @Inject
    Credentials credentials;
    @Inject
    Logger log;

    public boolean authenticate() {
        // authentication logic here
        log.info("authenticate is called in LoginService");
        log.info("userID="+credentials.getUsername());
        return true; // if authentication successful
    }

}

Then view:

<h:form id="loginForm" rendered="#{not identity.loggedIn}">
                        <h:messages id="messages" globalOnly="true" />

                        <div class="loginRow"><h:outputLabel for="name"
                                value="Username" styleClass="loginLabel" /> <h:inputText id="name"
                                value="#{credentials.username}" /></div>

                        <div class="loginRow"><h:outputLabel for="password"
                                value="Password" styleClass="loginLabel" /> <h:inputSecret
                                id="password" value="#{credentials.password}" redisplay="true" /></div>

                        <div class="loginRow"></div>

                        <div class="buttons"><h:commandButton id="login" value="LOGIN"
                                action="#{identity.login}" styleClass="loginButton" /></div>

10. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 26, 2011 5:39 PM (in response to shane.bryzak)

stack trace:
Seems could not find some drools file. I don't have one.

16:19:47,484 ERROR [org.jboss.weld.Bean] WELD-000019 Error destroying an instance Managed Bean [class org.jboss.seam.security.permission.SecurityRuleProducer] with qualifiers [@Any @Default] of org.jboss.seam.security.permission.SecurityRuleProducer@b90c7f
16:19:47,484 ERROR [org.jboss.seam.security.IdentityImpl] Login failed for: Credentials[a]: java.lang.IllegalArgumentException: stream cannot be null
     at org.drools.io.impl.InputStreamResource.<init>(InputStreamResource.java:35) [:5.1.1]
     at org.drools.io.impl.ResourceFactoryServiceImpl.newInputStreamResource(ResourceFactoryServiceImpl.java:87) [:5.1.1]
     at org.drools.io.ResourceFactory.newInputStreamResource(ResourceFactory.java:87) [:5.1.1]
     at org.jboss.seam.security.permission.SecurityRuleProducer.createSecurityKnowledgeBase(SecurityRuleProducer.java:43) [:3.0.0.Alpha2]

11. Re: Seam Security 3.0.0 Alpha1 released

shane.bryzak Jan 26, 2011 6:32 PM (in response to shane.bryzak)

That looks like a bug. Would you mind raising a JIRA issue for it?

https://issues.jboss.org/browse/SEAMSECURITY

12. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 26, 2011 11:23 PM (in response to shane.bryzak)

Defect is opened.

https://issues.jboss.org/browse/SEAMSECURITY-22'

13. Re: Seam Security 3.0.0 Alpha1 released

yangju.richard.yang.pearson.com Jan 27, 2011 2:07 PM (in response to shane.bryzak)

I have a question regarding the PicketLink library that seam 3 is adopting. Our databases have different tables than what the PicketLink requires. For example, we have a User table (similar to Identity table) with password as part of that table. We do not have a separate credential table. Also, we don't have a User group table but user group is one attribute in our Role table. We do not have several of those relationship tables. I wonder that if that would still work in PicketLink. I see from the Idmconsole example, you have to define

<plidm:JpaIdentityStoreConfiguration>
      <s:replaces/>
      <plidm:identityClass>org.jboss.seam.security.examples.idmconsole.model.IdentityObject</plidm:identityClass>
      <plidm:credentialClass>org.jboss.seam.security.examples.idmconsole.model.IdentityObjectCredential</plidm:credentialClass>
      <plidm:relationshipClass>org.jboss.seam.security.examples.idmconsole.model.IdentityObjectRelationship</plidm:relationshipClass>
      <plidm:roleTypeClass>org.jboss.seam.security.examples.idmconsole.model.IdentityRoleName</plidm:roleTypeClass>
   </plidm:JpaIdentityStoreConfiguration>

Do we really have to model our business entities by following this example?

Thanks.

14. Re: Seam Security 3.0.0 Alpha1 released

shane.bryzak Jan 27, 2011 5:51 PM (in response to shane.bryzak)

Our JPAIdentityStore implementation is very flexible in how you define your database schema for the very reason that it is intended to be compatible with legacy systems. Reading through the description of your schema, I can say with confidence that your User table (which contains the password) should work fine. For the Role table however there may be an issue with the user group - you may have to extend the JpaIdentityStore class and override a method to get it to work with your particular schema. If you think that JpaIdentityStore can be enhanced further to support certain common schemas, then please raise a feature request in JIRA.

http://issues.jboss.org/browse/SEAMSECURITY